From c95f5b6dedaf857f9bc8387d24f857a32115627b Mon Sep 17 00:00:00 2001 From: Mikhail Avramenko Date: Mon, 7 Jun 2021 12:38:53 +0700 Subject: [PATCH 1/2] added local forwarder healing example Signed-off-by: Mikhail Avramenko --- .../use-cases/LocalForwarderHealing/README.md | 159 ++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 examples/use-cases/LocalForwarderHealing/README.md diff --git a/examples/use-cases/LocalForwarderHealing/README.md b/examples/use-cases/LocalForwarderHealing/README.md new file mode 100644 index 000000000000..ef97295e7806 --- /dev/null +++ b/examples/use-cases/LocalForwarderHealing/README.md @@ -0,0 +1,159 @@ +# Test kernel to kernel connection + + +This example shows that NSC and NSE on the one node can find each other. + +NSC and NSE are using the `kernel` mechanism to connect to its local forwarder. + +## Requires + +Make sure that you have completed steps from [basic](../../basic) or [memory](../../memory) setup. + +## Run + +Create test namespace: +```bash +NAMESPACE=($(kubectl create -f ../namespace.yaml)[0]) +NAMESPACE=${NAMESPACE:10} +``` + +Register namespace in `spire` server: +```bash +kubectl exec -n spire spire-server-0 -- \ +/opt/spire/bin/spire-server entry create \ +-spiffeID spiffe://example.org/ns/${NAMESPACE}/sa/default \ +-parentID spiffe://example.org/ns/spire/sa/spire-agent \ +-selector k8s:ns:${NAMESPACE} \ +-selector k8s:sa:default +``` + +Select node to deploy NSC and NSE: +```bash +NODE=($(kubectl get nodes -o go-template='{{range .items}}{{ if not .spec.taints }}{{index .metadata.labels "kubernetes.io/hostname"}} {{end}}{{end}}')[0]) +``` + +Create customization file: +```bash +cat > kustomization.yaml < patch-nsc.yaml < patch-nse.yaml < Date: Mon, 7 Jun 2021 15:14:18 +0700 Subject: [PATCH 2/2] refactoring of forwarder healing example 
Signed-off-by: Mikhail Avramenko
---
 examples/heal/README.md | 11 +++++++++++
 .../local-forwarder-healing}/README.md | 5 ++---
 examples/heal/namespace.yaml | 5 +++++
 3 files changed, 18 insertions(+), 3 deletions(-)
 create mode 100644 examples/heal/README.md
 rename examples/{use-cases/LocalForwarderHealing => heal/local-forwarder-healing}/README.md (96%)
 create mode 100644 examples/heal/namespace.yaml
diff --git a/examples/heal/README.md b/examples/heal/README.md
new file mode 100644
index 000000000000..07c96039ed0f
--- /dev/null
+++ b/examples/heal/README.md
@@ -0,0 +1,11 @@
+# Heal examples
+
+This document contain links for heal examples of NSM.
+
+## Requires
+
+To run any heal example follow steps for [Basic NSM setup](../basic)
+
+## Includes
+
+- [Local Forwarder restart](./local-forwarder-healing)
\ No newline at end of file
diff --git a/examples/use-cases/LocalForwarderHealing/README.md b/examples/heal/local-forwarder-healing/README.md
similarity index 96%
rename from examples/use-cases/LocalForwarderHealing/README.md
rename to examples/heal/local-forwarder-healing/README.md
index ef97295e7806..121236946a45 100644
--- a/examples/use-cases/LocalForwarderHealing/README.md
+++ b/examples/heal/local-forwarder-healing/README.md
@@ -1,7 +1,6 @@ -# Test kernel to kernel connection +# Test local forwarder restart - -This example shows that NSC and NSE on the one node can find each other. +This example shows that NSM keeps working after the local Forwarder restart. NSC and NSE are using the `kernel` mechanism to connect to its local forwarder.
diff --git a/examples/heal/namespace.yaml b/examples/heal/namespace.yaml
new file mode 100644
index 000000000000..7919ccab9bec
--- /dev/null
+++ b/examples/heal/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ generateName: ns-
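Review bot: `examples/heal/namespace.yaml` has no comment saying that it depends on `generateName`, which restricts how the manifest can be used: `kubectl apply` rejects an object that sets `generateName` without `name`, so the file only works with `kubectl create -f`, as the example README does. I would add a header comment such as `# Name is generated (ns-<suffix>); create with 'kubectl create -f', not 'kubectl apply'`. The namespace also carries no labels, so anything that later needs to select these generated test namespaces (cleanup, a NetworkPolicy `namespaceSelector`) has only the `ns-` name prefix to match on; whether anything relies on that is not visible in this patch, so treat the label as a suggestion.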